Helping Clients Navigate The

Dynamic Area Of The DPF For EU-U.S. Data Transfers

The EU-US Data Privacy Framework (DPF) is the latest development in a saga that has now been spanning decades aimed at reconciling and streamlining cross-border data transfers from the European Union (EU) to the United States (US) (with the relevant Swiss DPF and UK Extension). The storied history of data transfer mechanisms and the invalidation of each, ranging from the Safe Harbor to the Privacy Shield, including the role of Max Schrems’ NGO called NYOB and the eponymous Schrems II decision, has caused much tumult and resource expenditure among many organizations.

The DPF is an adequacy decision that concludes that the US provides a “level of protection essentially equivalent” to that of the EU for personal data transferred to certified organizations in the US.

Underpinning the DPF are several principles organizations must adhere to to attain and maintain certification, including notice, choice, accountability for onward transfers, security, data integrity and purpose limitation, access and recourse, enforcement, and liability. Further, redress also plays a leading role under the DPF. Specifically, redress aims to ensure that US intelligence activities are “necessary and proportionate in the pursuit of defined national security objectives.” As part of this, establishing an adjudicating function called the Data Protection Review Court (DPRC) will allow residents of the EU to initiate a process whereby the DPRC may instruct the relevant intelligence agencies to take remedial actions.

With so many previous iterations of data transfer mechanisms being invalidated and further challenges in the offing, the DPF’s future is uncertain. RICHT is at the forefront of this dynamic area and is focused on helping clients stay ahead of the ever-evolving regulatory landscape.

The Road To The Data Privacy Framework

Data Privacy Framework (DPF) Law Services We Offer

Data Privacy Framework (DPF) Certification

Other Data Transfer Mechanism Implementation

Ongoing Data Privacy Framework (DPF) Compliance

“Transatlantic data flows are critical to enabling the $7.1
trillion EU-U.S. economic relationship. The EU-U.S. DPF
will restore an important legal basis for transatlantic data
flows by addressing concerns that the Court of Justice of
the European Union raised in striking down the prior EUU.S. Privacy Shield framework as a valid data transfer mechanism under EU law.”

Source: Executive Order to Implement the European Union-U.S. Data Privacy Framework


Find Out About How A Data Privacy Framework (DPF) Lawyer Can Help

    Data Privacy Framework (DPF) Law News



    Implementing Transatlantic Transfers

    This chart outlines the key changes and requirements for U.S. organizations participating in the Data Privacy Framework, whether they are transitioning from the Privacy Shield or newly self-certifying, and for EU organizations transferring data to U.S. organizations, including to U.S. organizations not certified to the Data Privacy Framework.

    Data Transfers
    European Commission

    Questions & Answers: EU-US Data Privacy Framework

    FAQs from the European Commission outlining the new EU-US Data Privacy Framework and answering some common questions.

    Data Transfers

    Our Insights